The ATeam, a UK branch of the Anonymous hacktivist collective, has used a variety of methods in attacks on the website of the UK Information Commissioner's Office over the past week, according to a spokesperson for the group.

Attackers, including the ATeam, have been targeting the site with distributed denial-of-service (DDoS) attacks since Sunday as part of a protest called 'Operation Leveson'. The ICO website was down again at the time of writing.

"The website has been intermittently available over the past few days," a spokesman for the data-protection watchdog told ZDNet UK on Wednesday. "We are looking into the attacks, and how we can prevent such attacks in the future. At the moment we are considering our options [about reporting the attacks to law enforcement]."

Operation Leveson is a protest against the Leveson Inquiry, which is investigating allegations of phone hacking. The ATeam has claimed the ICO "lacks independence [and] has repeatedly failed to protect the public's privacy from hacking or data protection breaches".

The ATeam is using a network of around 75,000 compromised or 'zombie' computers called a 'botnet' to launch the DDoS attacks using automated attack methods only, an ATeam spokesperson told ZDNet UK via messages on Twitter. The botnet has been built using both volunteer machines and systems that have been infected by hackers, said the spokesperson.

A lot of small businesses will continue to rely on security through obscurity like fish in a school.

– Andy Buss, Freeform Dynamics

Anonymous and LulzSec DDoS attacks around the world have used a wide variety of methods to take down websites, including the use of voluntary downloads of the LOIC (Low Orbit Ion Cannon) tool — which has been implicated in arrests — and HOIC (High Orbit Ion Cannon) to form voluntary botnets. In addition, attackers have used other more sophisticated tools such as Hping, Slowloris and Killapache, according to security researchers.

The ATeam is not using these attack tools against the ICO website, according to the spokesperson, but is instead using automated attacks. The zombie machines in the botnet have been sent a piece of code that makes them contact intermediary servers every minute. The servers carry an attack IP address, and the attack will continue while the zombies poll the server.

The ATeam is also using a method that can generate attack traffic of 35 gigabits per second, according to the spokesperson. "We also have another attack method which is very sophisticated," the spokesperson said. "We attack with 50 servers — we can blue-screen a server so that it needs to be reboot [sic]."

DDoS methods

It is common for attackers to use a variety of DDoS methods against an organisation's website, according to security company Arbor Networks.
"Most of what we are seeing are multi-vector attacks," Arbor Networks EMEA solutions architect Darren Anstee told ZDNet UK on Wednesday. "It tends to be a combination of volumetric and application-layer attacks."

Attackers tend to use botnets to flood a network with traffic, to try to overwhelm firewalls, or to attack specific applications or services, said Anstee.

Organisations with limited budgets, such as small or medium-sized businesses, have a number of options to try to mitigate DDoS, according to Anstee. SMEs can approach their service providers to buy DDoS protection services, but it is worth asking service providers to define their incident handling procedures in the event of an attack. Businesses should know who to contact in the event of an attack — not only within service providers, but also within their own organisations, said Anstee.

According to Freeform Dynamics analyst Andy Buss, small businesses tend not to worry about DDoS until it happens to them. "A lot of small businesses will continue to rely on security through obscurity like fish in a school," said Buss. "They hope not to be eaten by a shark by being in a big pack."

Get the latest technology news and analysis, blogs and reviews
delivered directly to your inbox with ZDNet UK's
newsletters.